Mozilla Pushes Firefox Security Update as PWN2OWN Nears


Mozilla is updating its open source Firefox Web browser this week, fixing at least 10 security flaws in the first Firefox security update of 2011.

Eight of the vulnerabilities are rated as "critical," with one deemed "high" and the other rated "moderate." The Firefox 3.6.14 update comes ahead of the PWN2OWN hacking event next week, which awards cash and prizes to security researchers who can successfully demonstrate a vulnerability in a fully patched browser.

The update is the first security update from Mozilla since Firefox 3.6.13 was released at the end of last year, with fixes for 11 flaws.

Among the flaws fixed in Firefox 3.6.14 are what Mozilla refers to as, "miscellaneous memory safety hazards." The vulnerability could potentially have been exploited by an attacker to run arbitrary code.

Other memory flaws fixed in Firefox 3.6.14 include use-after free memory errors in JSON and issues with Web Workers. Two JavaScript buffer overflow conditions are also patched in the 3.6.14 update.

There is also a fix for a recursive evaluation call in the browser, which could have enabled an attacker to exploit a user, simply by way of closing an open dialog box.

"Closing the window causes the dialog to evaluate to true," Mozilla said in its security advisory. "An attacker could use this issue to force a user into accepting any dialog, such as one granting elevated privileges to the page presenting the dialog."

Another fix seeks to prevent a crash that could have been triggered by a corrupted JPEG image. Mozilla's security advisory on the issue noted that the malicious JPEG could cause data to be written beyond the end of the image storage buffer.

"An attacker could potentially craft such an image that would cause malicious code to be stored in memory and then later executed on a victim's computer," Mozilla warned.

Firefox 3.6.14 also plugs a potential cross-site request forgery (CSRF) risk that could have come from an HTTP 307 redirect. The 307 is a temporary redirect code that websites and servers can use to steer users to a different URL. The CSRF risk stems from a flaw in how browser plugins are notified about the redirect. Mozilla noted in its advisory that when plugin-initiated requests receive a 307 redirect response, the plugin is not properly notified.

"This poses a CSRF risk for Web applications that rely on custom headers only being present in requests from their own origin," Mozilla warned.

The timing of the Firefox 3.6.14 release is just ahead of next week's PWN2OWN event, sponsored by HP TippingPoint. At PWN2OWN, security researchers take aim at multiple Web browsers including Firefox, Chrome, Safari and Internet Explorer. Google updated Chrome earlier this week, fixing at least 19 security issues.

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.